Definition
Biometric systems, like all security systems, have vulnerabilities. This entry provides a survey of the many possible points of attack against traditional biometric systems. The vulnerabilities of nontraditional systems, such as those based on encoded biometrics, are surveyed in the article Security and Liveness, Overview. Here, biometric system security is defined by its absence: a vulnerability in biometric security results in incorrect recognition or failure to correctly recognize individuals. This definition includes methods to falsely accept an individual (spoofing), to decrease overall system performance (denial of service), or to attack another system via leaked data (identity theft). In this entry, each stage of biometric processing is analyzed and the potential vulnerabilities discussed. Techniques to structure the analysis of vulnerabilities, such as Attack Trees, are described, and four application scenarios and their vulnerabilities are considered.
Introduction
Th...
© 2015 Springer Science+Business Media New York
About this entry
Cite this entry
Adler, A., Schuckers, S.A.C. (2015). Biometric Vulnerabilities, Overview. In: Li, S.Z., Jain, A.K. (eds) Encyclopedia of Biometrics. Springer, Boston, MA. https://doi.org/10.1007/978-1-4899-7488-4_65
DOI: https://doi.org/10.1007/978-1-4899-7488-4_65
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4899-7487-7
Online ISBN: 978-1-4899-7488-4
eBook Packages: Computer Science, Reference Module Computer Science and Engineering